package com.woniuxy.mesboot.security;


import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;

import javax.annotation.Resource;


/**
 * @author ：lisir
 * @date ：Created in 2023/5/30 10:57
 * @description：TODO
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private JWTLogoutSuccessHandler jwtLogoutSuccessHandler;
    @Resource
    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;

    @Bean
    LoginAuthenticationSuccessHandler loginAuthenticationSuccessHandler(){
        return new LoginAuthenticationSuccessHandler();
    }
    @Bean
    LoginAuthenticationFailureHandler loginAuthenticationFailureHandler(){
        return new LoginAuthenticationFailureHandler();
    }
    @Bean
    LoginFilter loginFilter() throws Exception {
        LoginFilter loginFilter = new LoginFilter();
        loginFilter.setAuthenticationManager(authenticationManager());
        loginFilter.setAuthenticationSuccessHandler(loginAuthenticationSuccessHandler());
        loginFilter.setAuthenticationFailureHandler(loginAuthenticationFailureHandler());
        return loginFilter;
    }
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // 可以解决post请求403问题
        httpSecurity.csrf().disable();
        // CRSF禁用，不使用session
        httpSecurity.csrf().disable();
        //允许跨域
        httpSecurity.cors();
        // 基于token，所以不需要session
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // 过滤请求，‘/users/login’不能使用.anonymous(),否则登录成功再点登录时一直提示403
        httpSecurity.authorizeRequests()
                .antMatchers("/users/login","/uploadoss").permitAll()
                .anyRequest().authenticated();
        //把自定义过滤替换原有的 UsernamePasswordAuthenticationFilter过滤器
        httpSecurity.addFilterAt(loginFilter(), UsernamePasswordAuthenticationFilter.class);
        httpSecurity.logout().logoutSuccessHandler(jwtLogoutSuccessHandler);
        httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter,LogoutFilter.class);
    }
    @Bean
    public PasswordEncoder passwordEncoder() {
        // 这里我们使用bcrypt加密算法，安全性比较高
        return new BCryptPasswordEncoder();
    }
    @Resource
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }
}
